- https://github.com/natlas/natlas
- https://github.com/RustScan/RustScan
- https://github.com/activecm/rita
- https://github.com/vesche/scanless
- https://github.com/osquery/osquery
- https://github.com/JPCERTCC/LogonTracer
- https://github.com/PlumHound/PlumHound
- https://github.com/j3ssie/Osmedeus
mark05E mark05e
mark05e
/ interesting-apps-security.md
Last active
October 11, 2021 17:58
mark05e
/ disable-chrome-notification.ps1
Created
July 21, 2021 19:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://www.reddit.com/r/msp/comments/oolx6j/powershell_disabling_chrome_notification/ | |
| if ((Test-Path -LiteralPath "Registry::\HKEY_CURRENT_USER\Software\Policies\Google\Chrome") -ne $true) { | |
| New-Item "Registry::\HKEY_CURRENT_USER\Software\Policies\Google\Chrome" -force -ea SilentlyContinue | |
| }; | |
| New-ItemProperty -LiteralPath 'Registry::\HKEY_CURRENT_USER\Software\Policies\Google\Chrome' -Name 'DefaultNotificationsSetting' -Value '2' -PropertyType DWord |
mark05e
/ RemoveWebroot.ps1
Last active
April 15, 2025 09:01
PowerShell script to forcefully remove Webroot SecureAnywhere. It is recommended to run the script twice, with a reboot after the first run. Maintenance Note - https://gist.github.com/mark05e/0a04a54c1e8489c770bd91e4910d7df9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Removes Webroot SecureAnywhere by force | |
| # Run the script once, reboot, then run again | |
| # Webroot SecureAnywhere registry keys | |
| $RegKeys = @( | |
| "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\WRUNINST", | |
| "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WRUNINST", | |
| "HKLM:\SOFTWARE\WOW6432Node\WRData", | |
| "HKLM:\SOFTWARE\WOW6432Node\WRCore", | |
| "HKLM:\SOFTWARE\WOW6432Node\WRMIDData", |
mark05e
/ Get-EdgeEnterpriseMSI.ps1
Last active
January 15, 2025 02:33
Using PowerShell to download Edge Chromium for Business. Maintenance Note - https://gist.github.com/mark05e/0a04a54c1e8489c770bd91e4910d7df9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ref: https://raw.githubusercontent.com/matbe/PowerShell/master/Other/Get-EdgeEnterpriseMSI.ps1 | |
| # ref: https://www.deploymentresearch.com/using-powershell-to-download-edge-chromium-for-business/ | |
| <# | |
| .SYNOPSIS | |
| Get-EdgeEnterpriseMSI | |
| .DESCRIPTION | |
| Imports all device configurations in a folder to a specified tenant | |
| .PARAMETER Channel |
mark05e
/ phish-investigation-20210810.md
Last active
August 11, 2021 01:46
mark05e
/ stop-exchange-services.ps1
Last active
January 15, 2025 02:33
Maintenance Note - https://gist.github.com/mark05e/0a04a54c1e8489c770bd91e4910d7df9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # STOP AND DISABLE ALL EXCHANGE SERVICES WITH A SINGLE LINE | |
| # ref - http://ccmblogs.co.uk/?p=293 | |
| get-service | ?{$_.DisplayName -ilike "Microsoft Exchange*"} | stop-service | |
| get-service | ?{$_.DisplayName -ilike "Microsoft Exchange*"} | set-service -StartupType Disabled | |
| get-service | ?{$_.DisplayName -ilike "Microsoft Exchange*"} | select status, starttype, name, displayname |
mark05e
/ ps1-template.ps1
Created
August 13, 2021 15:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ref - https://www.reddit.com/r/PowerShell/comments/p3a45l/logging_and_global_variables/h8q8mri | |
| # ref - https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_redirection?view=powershell-7.1 | |
| # ref - https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_commonparameters?view=powershell-7.1 | |
| # ref - https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_preference_variables?view=powershell-7.1 | |
| #region Logging | |
| clear-host | |
| $logTime = Get-Date -Format "yyyyMMdd_HHmm" | |
| $script = ($MyInvocation.MyCommand) | |
| if($script.Path){ |
mark05e
/ Get-ChromeExtension.ps1
Last active
January 15, 2025 02:33
Audit Chrome Extensions with PowerShell. Maintenance Note - https://gist.github.com/mark05e/0a04a54c1e8489c770bd91e4910d7df9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ref - https://write-verbose.com/2018/12/15/audit-google-chrome-extensions/ | |
| function Get-ChromeExtension { | |
| <# | |
| .SYNOPSIS | |
| Gets Chrome Extensions from a local or remote computer | |
| .DESCRIPTION | |
| Gets the name, version and description of the installed extensions | |
| Admin rights are required to access other profiles on the local computer or | |
| any profiles on a remote computer. |
mark05e
/ Get-EdgeExtension.ps1
Last active
January 15, 2025 02:32
Maintenance Note - https://gist.github.com/mark05e/0a04a54c1e8489c770bd91e4910d7df9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ref - https://write-verbose.com/2018/12/15/audit-google-chrome-extensions/ | |
| # ref - https://stackoverflow.com/questions/43467231/where-is-location-of-microsoft-edge-extension-folder-that-are-installed-from-mic | |
| function Get-EdgeExtension { | |
| <# | |
| .SYNOPSIS | |
| Gets Chrome Extensions from a local or remote computer | |
| .DESCRIPTION | |
| Gets the name, version and description of the installed extensions | |
| Admin rights are required to access other profiles on the local computer or |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://docs.microsoft.com/en-us/troubleshoot/browsers/disable-internet-explorer-windows | |
| @rem DISM /Online /Get-Capabilities | |
| @rem Dism /online /Get-Features | |
| DISM /Online /Get-CapabilityInfo /CapabilityName:Browser.InternetExplorer~~~~0.0.11.0 | |
| Dism /online /Get-FeatureInfo /FeatureName:Internet-Explorer-Optional-amd64 | |
| dism /online /Remove-Capability /CapabilityName:Browser.InternetExplorer~~~~0.0.11.0 | |
| dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64 |